

Source: Security Rabbits
🐰The Rabbit's Foot (TLDR)
🥕 Critical WinRAR Path Traversal (CVE-2025-8088) Actively Exploited: A path traversal vulnerability in the Windows version of WinRAR is being exploited in the wild to execute arbitrary code via malicious archives. Immediately update WinRAR to the latest version and educate users not to open archives from untrusted sources.

🥕 Multiple Critical Vulnerabilities Demand Immediate Patching: Several high-impact flaws are being actively exploited or are highly likely to be targeted, including CVE-2026-46817 in Oracle E-Business Suite (unauthenticated takeover), CVE-2026-8037 in Progress Kemp LoadMaster (pre-auth root RCE), and CVE-2026-48558 in SimpleHelp (used to deploy malware). Prioritize patching these systems immediately.

🥕 Critical Plugin & Enterprise Software Flaws Require Urgent Action: Unauthenticated privilege escalation in ProfileGrid WordPress Plugin (CVE-2026-12073) and pre-auth RCE in IBM Db2 (CVE-2026-10109) pose severe risks. Update ProfileGrid and apply the IBM fix for Db2 without delay.

🥕 Adobe ColdFusion Under Active Threat from Ransomware Groups: Multiple critical vulnerabilities (CVE-2026-48276 and related CV


Source: CVE Trend
🐰Trending vulnerability
 HIGH    CVE‑2025‑8088
Published: 2025-08-08  Updated: 2026-06-17

🥕🥕⚪⚪⚪⚪⚪⚪⚪⚪ (19%)
A path traversal vulnerability affecting the Windows version of WinRAR allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Kosinar, and Peter Strycek. ..


Source: NIST
🐰NIST CVE
🥕 CVE-2026-12073   ProfileGrid WordPress Plugin
Critical unauthenticated privilege escalation via account takeover. Attackers can change the email of the admin user (ID=1) and reset the password. Update the plugin immediately.

🥕 CVE-2026-10109   IBM Db2
Critical pre-auth remote code execution via improper DRDA handshake handling. This is a high-impact vulnerability in a widely-used enterprise database. Apply the IBM fix immediately.

🥕 CVE-2026-48276   Adobe ColdFusion
Multiple critical vulnerabilities (CVE-2026-48276, CVE-2026-48277, CVE-2026-48281, CVE-2026-48282, CVE-2026-48283, CVE-2026-48313, CVE-2026-48315) allow unauthenticated remote code execution and path traversal. ColdFusion is a prime target for ransomware groups. Prioritize patching.

🥕 CVE-2026-58138   Orkes Conductor
Critical unauthenticated remote code execution via inline workflow definitions. Attackers can execute arbitrary OS commands on the server. Patch to version 3.30.2 or later.

🥕 CVE-2026-56413   Storage Concentrator (SC & SCVM)
Multiple critical vulnerabilities (CVE-2026-56413, CVE-2026-56415, CVE-2026-55721, CVE-2026-50110) allow unauthenticated remote command injection, SQL injection, and contain hardcoded credentials. This is a complete system compromise. Isolate and patch immediately.

🥕 CVE-2026-56278   Flowise
Critical authentication bypass due to a weak hardcoded default session secret. An attacker can forge session cookies to impersonate any user. Change the EXPRESS_SESSION_SECRET environment variable and upgrade.

🥕 CVE-2026-58449   txtai
Critical unauthenticated remote code execution via the /reindex endpoint. An attacker can call arbitrary Python functions, including subprocess.getoutput. Ensure authentication is enabled and the API is not exposed to the internet.

🥕 CVE-2026-12243   NLTK
🥕 CVE-2026-58302   LinuxCNC
🥕 CVE-2026-11589 CVE-2026-11590   WP Support Plus Responsive Ticket System WordPress Plugin
🥕 CVE-2026-12240   Export User Data WordPress Plugin
🥕 CVE-2026-12818 CVE-2026-12819   Delta Electronics DVP12SE PLC
🥕 CVE-2026-14164   libarchive
🥕 CVE-2026-56137   RPG MAKER MV and MZ
🥕 CVE-2026-56808   DGM3103SCT (AVTECH Security)
🥕 CVE-2026-12578   Unspecified Product (Deserialization)
🥕 CVE-2025-24815 CVE-2025-7406   Nokia MantaRay NM
🥕 CVE-2026-10763   PROMOD V
🥕 CVE-2026-12076   Raytha CMS
🥕 CVE-2026-13149   brace-expansion
🥕 CVE-2026-8141   Ajax Load More - Filters WordPress Plugin
🥕 CVE-2026-9711   EventON WordPress Plugin
🥕 CVE-2026-49432 CVE-2026-49434 CVE-2026-49877 CVE-2026-50734 CVE-2026-50750 CVE-2026-53916 CVE-2026-53917 CVE-2026-54475   Apache ActiveMQ
🥕 CVE-2026-13766   DBIx::QuickORM (Perl)
🥕 CVE-2026-14161 CVE-2026-14162   Hospital Queuing Management (Advantech)
🥕 CVE-2026-41053 CVE-2026-44946 CVE-2026-44949   Rancher
🥕 CVE-2026-53690 CVE-2026-53691   Redeight CMS
🥕 CVE-2026-57080 CVE-2026-57081   Net::BitTorrent (Perl)
🥕 CVE-2026-8402   SYSGUARD 6001 (Eksagate)
🥕 CVE-2026-10816 CVE-2026-13474 CVE-2026-8451 CVE-2026-8452 CVE-2026-8655   NetScaler ADC and NetScaler Gateway
🥕 CVE-2026-58014 CVE-2026-58016   GLib
🥕 CVE-2026-58116   LLaMA-Factory
🥕 CVE-2026-6556   @fastify/express
🥕 CVE-2026-27957   Coolify
🥕 CVE-2026-48285 CVE-2026-48307   Adobe ColdFusion
🥕 CVE-2026-48286   Adobe Campaign Classic
🥕 CVE-2026-49451   OpenAPI.NET SDK
🥕 CVE-2026-58165   OpenZiti
🥕 CVE-2026-58166   OpenBMB ChatDev
🥕 CVE-2026-58168   DeepTutor
🥕 CVE-2026-58169 CVE-2026-58170   Vibe-Trading
🥕 CVE-2026-58172   Ocelot
🥕 CVE-2026-58370   Woodpecker
🥕 CVE-2026-58372   SeaweedFS
🥕 CVE-2026-58375   JimuReport
🥕 CVE-2026-58376   Dolibarr
🥕 CVE-2026-58377   JeecgBoot
🥕 CVE-2026-8864   HP Fan Control App
🥕 CVE-2026-10513   Webmention WordPress Plugin
🥕 CVE-2026-10129 CVE-2026-10134 CVE-2026-10140 CVE-2026-10546 CVE-2026-10560 CVE-2026-10564 CVE-2026-7663 CVE-2026-7803 CVE-2026-7871 CVE-2026-7873 CVE-2026-7874   IBM Langflow OSS
🥕 CVE-2026-11546 CVE-2026-11708 CVE-2026-11712 CVE-2026-11714 CVE-2026-11806 CVE-2026-11594 CVE-2026-11541   IBM WebSphere Application Server
🥕 CVE-2026-13449   IBM Business Automation Manager Open Editions
🥕 CVE-2026-13759 CVE-2026-13772   IBM WebSphere Extreme Scale
🥕 CVE-2025-36359   IBM DevOps Automation / DevOps Loop
🥕 CVE-2026-13207   FUXA
🥕 CVE-2026-44628 CVE-2026-35505 CVE-2026-50003 CVE-2026-50254 CVE-2026-52868   DCMTK / storescp / worklist server
🥕 CVE-2026-57585   MessagePack (Python)
🥕 CVE-2025-71349 CVE-2025-71350 CVE-2025-71352 CVE-2025-71355 CVE-2025-71363 CVE-2025-71368 CVE-2025-71371 CVE-2025-71374   picklescan
🥕 CVE-2026-54672 CVE-2026-54673   electron-updater
🥕 CVE-2026-56219 CVE-2026-56230 CVE-2026-56233 CVE-2026-56247 CVE-2026-56249 CVE-2026-56286 CVE-2026-56300 CVE-2026-56320   Capgo
🥕 CVE-2026-56264   Crawl4AI
🥕 CVE-2026-56700   Grav CMS
🥕 CVE-2026-57995   phpMyFAQ



🐰News
The Hacker News
AirDrop and Quick Share Flaws Let Nearby Attackers Trigger Crashes and Bypass Checks
Two researchers have found six security flaws in AirDrop and Quick Share, the wireless features that beam files between nearby devices with no cables or shared network. An attacker within wireless range, with just a laptop and no prior connection, [...] (The Hacker News)


Security Affairs
Attackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817
Attackers are exploiting a critical flaw in Oracle E-Business Suite, CVE-2026-46817, that allows remote, unauthenticated attackers to take over Oracle Payments. A critical vulnerability in Oracle E-Business Suite, tracked as CVE-2026-46817, is being [...] (Security Affairs)


The Hacker News
Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer
An unknown threat actor has been observed exploiting a recently disclosed maximum-severity security flaw in SimpleHelp to deliver two previously unreported malware families, TaskWeaver and Djinn Stealer. The intrusion involves the exploitation of [...] (The Hacker News)


darkreading
Attackers Hijack Exposed AI Endpoints to Power Offensive Ops
Attackers don't need any special authentication to reach a target endpoint -- they just need to know where it is. (darkreading)


darkreading
NIST Enrichment Reductions Impact CVE Coverage, Accuracy
The National Institute of Standards and Technology (NIST) scaled back the number of CVEs it selects for in-depth analysis, but the move has produced mixed results, according to researchers. (darkreading)


darkreading
AI-Generated Workflows Are a Silent Security Disaster
Teams are dealing with a truly dangerous problem -- automation that works, but that no one understands. (darkreading)


The Hacker News
Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth
A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API. The flaw, tracked as CVE-2026-8037, carries a CVSS score of 9.8 [...] (The Hacker News)


The Hacker News
Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service
Citrix on Tuesday released security updates to address multiple flaws in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that could be exploited by an attacker to facilitate arbitrary file reads or trigger a [...] (The Hacker News)


Unsourced
Critical SimpleHelp Vulnerability Exploited For Malware Delivery
Attackers exploited a critical SimpleHelp RMM bug to deploy TaskWeaver and Djinn Stealer malware (Unsourced)


Unsourced
ClickFix Now Cybercriminals' Favorite Malware Delivery Technique
ReliaQuest report warns of a surge in ClickFix social engineering attacks against Windows and macOS users (Unsourced)



Source: Ransomware.live
🐰Ransomware attacks

👻 qilin
Hemmersbach GmbH & Co. KG, Chamco

💀 play
Western Construction

🧨 pear
Spector and Lenz, PC, ORA Group Information, Sociedad Latina

⚠️ incransom
sza.it/

🐍 gunra
Yuditec S.A., Pirámide Seguros, on-us

🐍 genesis
Brooklyn Defender Services

🔒 embargo
www.maytrucking.com

👹 cmdorganization
Port Angeles Composite, Medlink Georgia

🧟 chaos
universalplant.com

👹 BrainCipher
paipharma.com

🕶️ blacknevas
Arkin Group

🫥 aurora
Primed Halberstadt Medizintechnik

🔒 akira
Advanced Business Systems, About Todd Hamaker & Johnson




      Security Rabbits Copyright © 2026 Flo BI. All rights reserved.